Sections in SSE

SSE's navigation UI allows admins to quickly maneuver through the portal to make configuring SSE simpler and more efficient.

Navigation is performed on left column with pages grouped into 5 primary groups (Home, Analyze, Protect, IAM, Settings and Support). Clicking on any of the group will expand the tree to reveal the subpages or sub groups further below. Clicking on one will open that particular portal page.



The top navigation of the SSE enables you to access the following options:

  1. On the upper-left corner of the portal, you can see 9 dot Waffle icon. Clicking the Waffle icon provides you the options to access the Insights platform services, any other ZTNA application which are enabled to display along with other Forcepoint ONE products (Cloud Firewall, Remote Browser Isolation, and so on) that you have access to.

  2. Displays the name of the Forcepoint product that you are accessing. For example, Forcepoint ONE - Security Service Edge
  3. You can use search icon to quickly search the SSE pages or Admin guide pages.
  4. The Bell icon indicates the total alerts. Clicking the Bell icon takes you to Analyze > Alerts page, where you can analyze each alert.
  5. On the right-top corner of the portal, you can find an avatar with initials of first and last name of the logged-in user. Clicking the user avatar provides you options to edit your user profile or logout of SSE.

The following sections will walk you through each of the five primary groups and which portal pages they contain.

Home

The Home page serves as the landing page for both existing and new users.

Analyze

This group contains all of your log reports and alerts for visibility into user's activity and suspicious behavior. This includes the following pages:

  • Discovery: Where you can configure proxy/firewall log upload or streaming to generate and view your ShadowIT reports.
  • CSPM: Setup monitoring of IaaS security configurations against the CIS Benchmarks.
  • SSPM: Setup monitoring of cloud applications to scan for security misconfigurations.
  • Connectors: You can view and monitor the status of each ZTNA connector linked to the tenant.
  • Tunnels: You can view and monitor the status of each IPSec and GRE tunnels linked to the tenant.
  • Devices: Review list of devices with the forward proxy and smartedge agents installed.

Protect

This group is the primary area for adding and managing your applications you wish to protect.

  • Policies: The main page where you can review the protected applications and manage their policies.
  • Add Apps: The process to add an application for protection whether it is a licensed app your company owns or a ShadowIT app you wish to block or control via forward proxy. Refer to the following guide pages to learn more about adding different types of applications:
    • Add Predefined App: Add a predefined app within SSE. Does not require you to modify or configuration the application's SSO info in SSE.
    • Any Managed Application: Add any cloud application including custom applications to SSE for protection. Admins will need to know some of the applications SSO information for setup.
  • Objects: The primary page for creating and/or maintaining the objects that are used in your policies (for example, DLP patterns, location objects, device profile objects, etc).
  • Notifications: A group of pages to configure the type of notifications - and who is notified - when a policy is triggered. Includes inline popups, group and user emails, as well as other messages that users may encounter.
  • Forward Proxy: Configure the forward proxy (agent or PAC file) for use for protecting applications. Also where you can manage Certificate Authorities for identifying managed devices via client certs.
  • Mobile Security: Setup mobile policy options such as screen autolock and PIN code enforcement when using the ActiveSync proxy.
  • Encryption: Manage your encryption keystore (Key Management page) as well has handling email tokenization (Email Normalization page).
  • Integrations: Where you can setup direct integrations with other systems.
    • ICAP: Configure information about your DLP server to send files over ICAP for secondary analysis.
    • Zscaler Integration: Setup the Zscaler integration in order to send information and policies from SSE's ShadowIT reports to Zscaler.

IAM

This group contains the configuration pages used for maintaining your organization in SSE (adding your domain, managing users/devices/etc).

  • Users and Groups: Where you go to add your domain and provision your users/groups as well as the ActiveDirectory sync.
  • Admin Roles: Admins can create custom role based access controls for other role based admins within the SSE.
  • Multi-Factor Auth: This section specifically takes you to the page to setup DUO security since it requires API authorization.

Settings

This group contains the majority of your setting configurations to be used in policies or integrations.

  • Appearance: Allows you to customize a welcome message on login to the SSE as well as the image icon that is shown.
  • OAuth: Settings page for OAuth configuration in order to setup REST API connections to SSE.
  • Certificates: Used for creating and managing certificates used for API Auth and ActiveSync Autodiscover.

Support

  • URL Lookup: Use the inbuilt tool to review the category of a URL or IP entered.
  • Admin Guide: Enables you to access the SSE administrators guide.
  • Contact Us: Enables you to access Forcepoint Customer Hub.